2012-03-05

Set stored procedure as SQL statement in Jasper

I have this simple code:

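import net.sf.jasperreports.engine.*;
import net.sf.jasperreports.engine.design.*;
import net.sf.jasperreports.engine.xml.JRXmlLoader;
import net.sf.jasperreports.view.JasperViewer;

// Load the report design and replace its query with a literal SQL string
JasperDesign jDes = JRXmlLoader.load("jasperfile.jrxml");
String sql = "Select * From table Where address like 'St. Vincents College%'";
JRDesignQuery newQuery = new JRDesignQuery();
newQuery.setText(sql);
jDes.setQuery(newQuery);
// Compile, fill over the open JDBC connection (conn), and display
JasperReport jRep = JasperCompileManager.compileReport(jDes);
JasperPrint jPrint = JasperFillManager.fillReport(jRep, null, conn);
JasperViewer.viewReport(jPrint);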

So basically this prints the report. What I want is, instead of a SELECT... query, to use a stored procedure, let's say:

ProcedureName: GenerateReportByAddress 
Parameter : personName 

How can I use a CallableStatement in Jasper?

// conn is the same open JDBC connection used to fill the report
CallableStatement cstmt = conn.prepareCall("{call GenerateReportByAddress(?)}");
cstmt.setString(1, "secret");

The reasons are:

- to make the application's queries encapsulated by calling only stored procedures
- to avoid SQL injection (because some addresses contain a single quote)
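
One way to meet both goals, shown as an added example that is not part of the original post: put a `$P{...}` report parameter in the query text so JasperReports binds the value through JDBC instead of concatenating it into the SQL. The class name `AddressReport`, the method `fill` and the parameter name `addressPrefix` are hypothetical, and the `{call ...}` form assumes a JasperReports version whose JDBC query executer runs such text through a CallableStatement.

```java
import java.sql.Connection;
import java.util.HashMap;
import java.util.Map;

import net.sf.jasperreports.engine.JRException;
import net.sf.jasperreports.engine.JasperCompileManager;
import net.sf.jasperreports.engine.JasperFillManager;
import net.sf.jasperreports.engine.JasperPrint;
import net.sf.jasperreports.engine.JasperReport;
import net.sf.jasperreports.engine.design.JRDesignParameter;
import net.sf.jasperreports.engine.design.JRDesignQuery;
import net.sf.jasperreports.engine.design.JasperDesign;
import net.sf.jasperreports.engine.xml.JRXmlLoader;

public class AddressReport { // hypothetical class name

    // $P{name} reaches the driver as a JDBC bind parameter ("?"), so a single
    // quote in the value is data. $P!{name} is pasted into the SQL text instead
    // and must never carry user input.
    static final String SELECT_QUERY =
        "SELECT * FROM table WHERE address LIKE $P{addressPrefix}";

    // Assumption: this JasperReports version executes "{call ...}" query text
    // through a CallableStatement and the procedure returns a result set.
    static final String PROCEDURE_QUERY =
        "{call GenerateReportByAddress($P{personName})}";

    // Example: fill(conn, SELECT_QUERY, "addressPrefix", "St. Vincent's College%")
    static JasperPrint fill(Connection conn, String queryText,
                            String paramName, String value) throws JRException {
        JasperDesign design = JRXmlLoader.load("jasperfile.jrxml");

        // Declare the parameter so $P{...} resolves when the report compiles.
        // Skip this step if jasperfile.jrxml already declares it (duplicates throw).
        JRDesignParameter param = new JRDesignParameter();
        param.setName(paramName);
        param.setValueClass(String.class);
        design.addParameter(param);

        JRDesignQuery query = new JRDesignQuery();
        query.setText(queryText);
        design.setQuery(query);

        JasperReport report = JasperCompileManager.compileReport(design);
        Map<String, Object> params = new HashMap<>();
        params.put(paramName, value); // bound by the driver, never concatenated
        return JasperFillManager.fillReport(report, params, conn);
    }
}
```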

Answers